package com.uniflow.security;

import com.uniflow.entity.Role;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import java.util.Collection;
import java.util.List;
import java.util.Collections;
import java.util.stream.Collectors;

/**
 * 自定义用户详情类
 */
public class CustomUserDetails implements UserDetails {
    
    private final String id;
    private final String username;
    private final String password;
    private final String email;
    private final String displayName;
    private final String orgId;
    private final boolean enabled;
    private final boolean accountNonExpired;
    private final boolean credentialsNonExpired;
    private final boolean accountNonLocked;
    private final Collection<? extends GrantedAuthority> authorities;
    private final List<Role> roles;
    
    public CustomUserDetails(String id, String username, String password, String email, 
                           String displayName, String orgId, boolean enabled, 
                           boolean accountNonExpired, boolean credentialsNonExpired, 
                           boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities,
                           List<Role> roles) {
        this.id = id;
        this.username = username;
        this.password = password;
        this.email = email;
        this.displayName = displayName;
        this.orgId = orgId;
        this.enabled = enabled;
        this.accountNonExpired = accountNonExpired;
        this.credentialsNonExpired = credentialsNonExpired;
        this.accountNonLocked = accountNonLocked;
        this.authorities = authorities;
        this.roles = roles;
    }
    
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }
    
    @Override
    public String getPassword() {
        return password;
    }
    
    @Override
    public String getUsername() {
        return username;
    }
    
    @Override
    public boolean isAccountNonExpired() {
        return accountNonExpired;
    }
    
    @Override
    public boolean isAccountNonLocked() {
        return accountNonLocked;
    }
    
    @Override
    public boolean isCredentialsNonExpired() {
        return credentialsNonExpired;
    }
    
    @Override
    public boolean isEnabled() {
        return enabled;
    }
    
    // 自定义getter方法
    public String getId() {
        return id;
    }
    
    public String getEmail() {
        return email;
    }
    
    public String getDisplayName() {
        return displayName;
    }
    
    public String getOrgId() {
        return orgId;
    }
    
    public List<Role> getRoles() {
        return roles;
    }
    
    /**
     * 检查是否拥有指定角色
     */
    public boolean hasRole(String roleName) {
        if (roles == null) {
            return false;
        }
        return roles.stream().anyMatch(role -> role.getName().equalsIgnoreCase(roleName));
    }
    
    /**
     * 检查是否拥有指定权限
     */
    public boolean hasPermission(String permission) {
        if (authorities == null) {
            return false;
        }
        return authorities.stream()
                .anyMatch(authority -> authority.getAuthority().equals(permission));
    }
    
    /**
     * 检查是否为管理员
     */
    public boolean isAdmin() {
        return hasRole("ADMIN") || hasRole("SUPER_ADMIN");
    }
    
    /**
     * 获取角色名称列表
     */
    public List<String> getRoleNames() {
        if (roles == null) {
            return Collections.emptyList();
        }
        return roles.stream().map(Role::getName).collect(Collectors.toList());
    }
    
    /**
     * 获取权限列表
     */
    public List<String> getPermissions() {
        if (authorities == null) {
            return Collections.emptyList();
        }
        return authorities.stream()
                .map(GrantedAuthority::getAuthority)
                .filter(auth -> !auth.startsWith("ROLE_"))
                .collect(Collectors.toList());
    }
    
    @Override
    public String toString() {
        return "CustomUserDetails{" +
                "id='" + id + '\'' +
                ", username='" + username + '\'' +
                ", email='" + email + '\'' +
                ", displayName='" + displayName + '\'' +
                ", orgId='" + orgId + '\'' +
                ", enabled=" + enabled +
                ", authorities=" + authorities +
                '}';
    }
}